WHAT IS CLAIMED IS: 

1 1 . In a cable system, an encryption renewal system for generating one or 

2 more entitlement control messages, the messages containing cryptographic keys for allowing 

3 a subscriber set-top box to decrypt content encrypted off-line, the entitlement control 

4 message being forwarded with the content to the subscriber terminal, the encryption renewal 

5 system comprising: 

6 a first computing platform for receiving a request to generate the entitlement 

7 control messages, the first computing platform performing non-secure tasks associated with 

8 the entitlement control messages; 

9 a second computing platform physically separate jSrom the first computing 

10 platform for generating the entitlement control messages, the second computing platform 

1 1 performing secure tasks associated with the entitlement control messages; and 

12 one or more firewalls between the first and the second computing platforms 

13 for enhancing security of the encryption renewal system, the first computing platform 

14 forwarding the entitlement control messages to enable the subscriber set-top box to de-crypt 

15 the pre-encrypted content. 

1 2. The system of claim 1 wherein the second computing platform further 

2 comprises an application specific integrated circuit chip for generating the entitlement control 
"■"3 messages. 

= 1 3. An encryption renewal system comprising: 

2 a first computing platform for performing non-secure tasks associated with 

3 one or more control messages that transmit one or more keys to a subscriber; and 

4 a second computing platform physically separate firom the first computing 

5 platform containing one or more application specific integrated circuit chip for generating the 

6 one or more control messages. 

1 4. The system of claim 3 fiirther comprising one or more firewalls 

2 between the first and the second computing platforms. 

1 5. The system of claim 3 further comprising a database for storing the 

2 keys to be included in the control messages. 
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1 6. The system of claim 3 wherein the key is a group or periodical key 

2 from a conditional access system for controlling a population of set-top boxes. 

1 7. The system of claim 3 further comprising a third computing platform 

2 physically separate from the first computing platform for performing secure tasks associated 

3 with the control messages. 

1 8. The system ofclaim 7 wherein each ofthe second and third computing 

2 platforms are detachably coupled to the first computing platform. 

1 9. The system of claim 3 wherein the second computing platform ftirther 

2 comprises a web server accepting requests from the first computing platform to generate the 

3 control messages. 

10. The system of claim 7 wherein the second and third computing 

:12 platforms are initially configured to be identical. 

1 11. The system ofclaim 3 wherein the second and third computing 

"2 platforms are interchangeable. 

1 12. The system of claim 3 wherein the control message is generated using 

J2 the cryptographic key and an encryption record. 

1 13. An encryption renewal system, comprising: 

2 means for receiving an entitlement management message containing one or 

3 more cryptographic keys which allows a subscriber of a point to point communication system 

4 to access pre-encrypted content; 

5 means for extracting the cryptographic key from the entitlement management 

6 message, said means for extracting being physically separate from the means for receiving; 

7 and 

8 means for storing the one or more cryptographic keys, said means for 

9 receiving and means for extracting performing non-secure and secure processing, 

1 0 respectively, of tasks associated with extracting the one or more cryptographic keys. 
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1 14. The system of claim 1 3 wherein the means for extracting further 

2 comprises an application specific integrated for extracting the one or more cryptographic 

3 keys. 

1 15. The system of claim 14 wherein the application specific integrated 

2 circuit re-encrypts the one or more cryptographic keys for external storage. 

1 16. The system of claim 1 3 wherein the means for storing stores 

2 information about which video on demand system associated with the conditional access 

3 system. 

1 17. A method of registering an off-line encryption device in order to begin 

2 encrypting clear content, the method using a remotely located encryption renewal system, the 
^ method comprising: 

-4 generating registration data for registering the off-Hne encryption device; 

- 5 encrypting the registration data with one or more cryptographic keys to form 

6 encrypted registration data; 

-7 forwarding the encrypted registration data to the off-line encryption device; 

8 and 

9 retrieving, by the off-line encryption device, the registration data from the 

1 0 encrypted registration data, wherein the off-line encryption device begins to encrypt the clear 

i 1 content intended for and only after the registration data is retrieved. 

1 18. The method of claim 17 further comprising storing the one or more 

2 cryptographic keys prior to generating data. 

1 19. The method of claim 1 7 wherein the data contains both cryptographic 

2 keys and one or more operating parameters for the off-line encryption device. 

1 20. The method of claim 19 wherein the operating parameter is a 

2 maximum number of encryption sessions allocated to the off-line encryption device. 

1 21 . The method of claim 17 where the step of generating further comprises 

2 determining the operating parameters of the off-line encryption device. 

1 22. The method of claim 1 8 wherein the storing one or more cryptographic 

2 keys flirther comprises, 
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3 storing the one or more cryptographic keys in the off-line encryption device; 

4 and 

5 storing the one or more cryptographic keys in the encryption renewal system. 

1 23. The method of claim 19 further wherein the one or more cryptographic 

2 keys include any one or more of a secret shared key, a private key, and a public key. 

1 24. The method of claim 1 7 wherein the clear content is audio or video 

2 content intended for a user. 
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